[German]On January 10, 2023, Windows 7 SP1 and Windows Server 2008/R2 will receive security updates for the last time and will drop out of support. With this, Microsoft will also discontinue support for Edge on Windows 7 SP1, Windows Server 2008/R2 and Windows Server 2012/R2. ACROS Security has announced it will secure the Microsoft Edge browser for at least two years, until January 2025, after the browser is no longer supported by Microsoft on these platforms.
After all, there had been an announcement for some time that ACROS Security would secure Windows 7 and Windows Server 2008 R2 for two years beyond the end of support (January 10, 2023) using 0patch micropatches. I reported about this in the blog post Windows 7/Server 2008 R2 receive 0patch micropatches in 2023 and 2024.
However, Microsoft had discontinued support for the Microsoft Edge browser for Windows 7 SP1, Windows Server 2008/R2 and Windows Server 2012/R2 as of January 2023 (see Windows 7/8.1: Google ends support in February 2023, Edge also affected and Microsoft Edge: Version 108.0.1462.46; Reactivate Next button; Windows 7/8.1 support ends in version 110). This is especially unpleasant for Windows Server 2012 R2, as that platform will continue to receive security updates until October 2023. Microsoft Edge version 109 (to be deployed next week), will therefore be the last Edge version to run on all these Windows systems, but will no longer receive security patches.
Now Mitja Kolsek, the founder of ACROS Security informed me a few hours ago that they plan to secure Microsoft Edge even after its support ends on Windows 7 SP1, Windows Server 2008/R2 and Windows Server 2012/R2.
Kolsek has made the details public in this blog post. The developers of 0patch have decided to provide the critical security patches for Edge version 109, so that it can safely continue to use on Windows 7, Windows Server 2008 R2 and Windows Server 2012 / R2.
The prerequisite is that the Edge browser has been updated to version 109 on the systems and that the 0patch agent is running on the systems. Whenever critical vulnerabilities are discovered in Edge, 0patch will develop micropatches to close these vulnerabilities and deploy them via the agent. Edge security patches are part of the Pro and Enterprise license. So those who already use 0patch on their systems will automatically get Edge micropatches with these licenses at no additional cost.
Initially, the plan is to support Microsoft Edge 109 until January 2025, when 0patch support for Windows 7 and Windows Server 2008 R2 will expire. Depending on demand, the developers want to consider a further extension of support.
The 0Patch solution
ACROS Security analyzes vulnerabilities and provides micropatches to close the security holes. The micropatches are loaded into memory at runtime via the 0patch agent and have the effect that the vulnerabilities can no longer be exploited. For notes on how the 0patch agent, which loads the micropatches into memory at an application's runtime, works, see blog posts (such as this one).
Windows 7: Securing with the 0patch solution – Part 2 – Teil 2
Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1300 in Windows 7/Server 2008 R2
0patch fixes 0-day vulnerability in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1013 in Windows 7/Server 2008 R2
0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec
0patch fixes Windows Installer 0-day Local Privilege Escalation vulnerability
0patch fixes 0-day in Internet Explorer
0patch fixes CVE-2021-26877 in the DNS server of Windows Server 2008 R2
0patch fixes Windows Installer LPE-Bug (CVE-2021-26415)
0Patch provides support for Windows 10 version 1809 after EOL
Windows 10 V180x: 0Patch fixes IE vulnerability CVE-2021-31959
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
0patch fix for new Windows PrintNightmare 0-day vulnerability (Aug. 5, 2021)
0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 6, 2021)
2nd 0patch fix for Windows PetitPotam 0-day vulnerability (Aug. 19, 2021)
Windows 10: 0patch fix for MSHTML vulnerability (CVE-2021-40444)
0patch fixes LPE Vulnerability (CVE-2021-34484) in Windows User Profile Service
0patch fixes LPE vulnerability (CVE-2021-24084) in Mobile Device Management Service
0patch fixes InstallerTakeOver LPE 0-day vulnerability in Windows
0patch fixes ms-officecmd RCE vulnerability in Windows
0patch fixes RemotePotato0 vulnerability in Windows
0patch fixes again vulnerability CVE-2021-34484 in Windows 10/Server 2019
0Patch fixes vulnerabilities (CVE-2022-26809 and CVE-2022-22019) in Windows
Windows MSDT 0-day vulnerability "DogWalk" receives 0patch fix
0patch fixes all known and exploitable Windows NTLM/Kerberos vulnerabilities
0patch fixes Memory Corruption vulnerability (CVE-2022-35742) in Microsoft Outlook 2010
Cookies helps to fund this blog: Cookie settings